[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: our ldm system
- Subject: Re: our ldm system
- Date: Wed, 12 Jan 2000 11:20:33 -0700 (MST)
Frank,
I'm at the AMS this week. It's sounds like you had an abnormal stop to
the LDM. I would suggest stopping the LDM and then doing a :
% ps -eaf | grep ldm
and deleting all the ldm processes. I believe the other rogue processes
are causing the abnormal situation. Also, you should do an:
% rpcinfo -p
and make sure that port 388 is not being used.
Yes you can send me your login and
passwd, probably will not get a chance to look at it until FRI.
Robb...
On Sun, 9 Jan 2000, Frank Colby wrote:
> Robb,
>
> Our ldm system seems to have lost its way, and I fear it has been hacked
> into. There are a whole list of processes which are running that don't
> look familiar, and it cannot resolve internet addresses. The ldm
> starts, but doesn't get any data, and ftp or telnet can't even find our
> vms systems, so if we did get data, the ftp process wouldn't work
> anyway. I have two requests:
>
> 1) If I gave you a username and password to get onto the system, would
> you be willing to look at the processes that are running and see if it
> looks odd to you as well? I am not a computer person, just a
> meteorology professor, and so I don't understand unix too well. Our
> university has cut virtually all of the system people, so I dont' have
> any support.
>
> 2) If in fact the system is hacked, and I need to start with a clean
> operating system load, can you suggest ways to protect the system from
> another attack?
>
> Thanks,
>
> Frank Colby
>
> PS This is complicated by the fact that I am physically in Seattle, on
> sabbatical. I am planning to return periodically to Massachusetts, but
> this is kind of my worst nightmare.
>
> PPS These problems only happened beginning on the 7th. of this month.
>
>
>
===============================================================================
Robb Kambic Unidata Program Center
Software Engineer III Univ. Corp for Atmospheric Research
address@hidden WWW: http://www.unidata.ucar.edu/
===============================================================================